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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)IE1 Responsive to communication(s) filed on 28 April 2006 . 
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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Application Papers 
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10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 !)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 
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!.□ Certified copies of the priority documents have been received. 
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DETAILED ACTION 

Claims 1-12 and 19-22 have been considered. 

Claim Objections 

5 Claims 1-12 and 19-22 objected to because of the following informalities: claim 1 recites the 

limitation "providing by said authentication server to said mobile station with a second key enabling" (lines 
17-18). Such wording is awkward. Examiner suggests removing the word "with". Similarly, claim 8 
recites the "wherein said authentication server further providing an decryption key" (lines 12-13). Such 
wording is also awkward. Examiner suggests amending "further providing an" to "further provides a". 
10 Appropriate correction is required. 

Claims 8-12 and 19-22 are objected to because of the following informalities: the phrase "a 
authentication server" (e.g. claim 8 line 4) is not grammatically sound. Appropriate correction is required. 

1 5 Claim Rejections - 35 (JSC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

20 

Claims 8 and 19 recite the limitation "said mobile authentication server" (see line 10 of claim 8). 
There is insufficient antecedent basis for this limitation in the claim. Claims 8-12 and 19-22 are rejected 
accordingly. 

25 Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
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patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

5 

Claims 1-5 and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki, U.S. 
Patent No. 5,841,970, in view of Kippenhan, U.S. Patent Application Publication No. 2002/0010769, in 
further view of Doonan, U.S. Patent No. 6,807,277, in further view of Hammond, U.S. Patent Application 
10 Publication No. 2003/0078927. 

As per claim 1 , the applicant claims a method of communicating data securely with the following 
limitations which are met by the combination of Tabuki, Kippenhan, Doonan, and Hammond: 

a) receiving a first authentication request at an authentication server from a mobile station 
15 (Tabuki: Col 6, lines 11-47; Kippenhan (claim 34); Hammond: [0012]); 

b) providing a first key from said authentication server to said mobile station in response to said 
authentication (Tabuki: Col 6, lines 11-47; Kippenhan: claim 34); 

c) receiving a second authentication request at said authentication request from a database 
server, said second authentication request further including said first key provided by said authentication 

20 server to said mobile station and a particular data identifying a database record to which said mobile 
station is requesting access (Tabuki: Col 7, line 38 to Col 8, line 27); 

d) determining at said authentication server as to whether said mobile station has authority to 
access said particular database record (Tabuki: Col 7, line 38 to Col 8, line 27); 

e) instructing said database server to provide information associated with said requested 

25 database record to said mobile station wherein said information is encrypted (Tabuki: Col 7, line 38 to Col 
8, line 27; Doonan: abstract); 

f) providing by said authentication server to said mobile station with a second key enabling said 
mobile station to decrypt said information received from said database server using said second key 
(Tabuki: Col 7, line 38 to Col 8, line 27; Doonan: abstract); 
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Tabuki discloses a method of communicating data similar to applicant's instant invention. More 
Specifically, Tabuki discloses a first station (20 of Fig 1) which communicates an authentication request 
which includes a first key to a database server (10 of Fig 1) to access data, for example banking records 
(Col 1, lines 46-50), on the database server. The database server may then provide the authentication 
5 request to an authentication server. The authentication server performs an authentication, and, in 
accordance with the response received, the database server provides information to the first station or 
does not provide information to the first station. Having the authentication process consigned to the 
external authentication server reduces the burden on the database server and simplifies the 
authentication process (Col 8, lines 10-27). 

10 While Tabuki discloses that a user (first station) may be provided with a first key used for 

authentication (Col 6, lines 11-46), Tabuki is silent as to whether the first key is received at the user (first 
station) after an authentication process, Kippenhan discloses the well-known idea that a key may be 
received after an authentication process. It would have been obvious to one of ordinary skill in the art at 
the time the invention was filed to combine the ideas of Kippenhan with those of Tabuki because 

15 incorporating an authentication process before receiving a first key makes the system more robust and 
secure by ensuring that a key is sent to the appropriate user. 

Tabuki in view of Kippenhan disclose the idea that information is sent to a first station after an 
authentication process. However, Tabuki in view of Kippenhan do not disclose the idea that the data is 
encrypted. Doonan discloses the idea that encrypted data may be sent from a server to a first station, 

20 and that a decryption key may be provided by another server. It would have been obvious to one of 
ordinary skill in the art at the time the invention was filed to combine the ideas of Doonan with those of 
Tabuki in view of Kippenhan because utilizing encryption to communicate information increases security 
in the system by preventing leakage to a third party. 

Tabuki in view of Kippenhan in further view of Doonan disclose all the limitations of the above 

25 claim, except for the limitation that the first station is a mobile station. Hammond discloses that a first 
station may be mobile wireless devices, such as PDAs or laptops. It would have been obvious to one of 
ordinary skill in the art at the time the invention was filed to combine the ideas of Hammond with those of 
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Tabuki in view of Kippenhan in further view of Doonan and utilize a PDA or laptops because the use of 
such devices would make the system more robust by allowing the first station to be mobile and able to 
gain access in situations where a wired connection is not possible. 

5 As per claim 2, the applicant describes the method of claim 1, which is met by Tabuki in view of 

Kippenhan in further view of Doonan in further view of Hammond, with the following limitation which is 
met by Tabuki: 

Wherein said step of providing said first key to said mobile station further comprises the step of 
providing a time out period for said first key to said mobile station (Tabuki: Col 6, lines 1 1-29; Fig 4); 

10 

As per claims 3,5, and 7, the applicant describes the method of claim 1 , which is met by Tabuki in 
view of Kippenhan in further view of Doonan in further view of Hammond, with the following limitation: 
Wherein said information stored in said database server is encrypted using a data access key 
and said second key is generated from said data access key and said first key; 

15 The combination of Tabuki, Kippenhan, Doonan, and Hammond teach that information stored in a 

database server is encrypted using a key (second key). However, the combination is silent as to whether 
the key is generated from the first key and another key (data access key). Examiner took official notice 
that it is common and well-known in the art to build a key from more than one key in the non-final action 
mailed 12/28/05. Based on Applicant's lack of contest in the subsequent remarks filed 3/28/06, the 

20 subject matter is assumed to be known in the art. It would have been obvious to one of ordinary skill in 
the art at the time the invention was filed to use more than one key to build a key because doing so 
increases security in the system since a third party would have to know separate keys to construct the 
actual key used. 

25 As per claim 4, the applicant describes the method of claim 1 , which is met by Tabuki in view of 

Kippenhan in further view of Doonan in further view of Hammond, with the following limitation: 
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Wherein said step of instructing said database server to provide information to said mobile station 
further comprises the step of providing said database server with a third key wherein said third key is 
used by said database server to further encrypt said information (Tabuki: Col 6, lines 30-42; Doonan: 
abstract, Col 3, line 46 to Col 4, line 4). 

5 

Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki in view of 
Kippenhan in further view of Doonan in further view of Hammond in further view of Takamoto, U.S. Patent 
Application No. 2002/0108060. 

1 0 As per claim 6, the applicant describes the method of claim 1 , which is met by Tabuki in view of 

Kippenhan in further view of Doonan in further view of Hammond, with the following limitations which are 
met by Takamoto: 

a) receiving a third authentication request from said database server requesting authorization to 
update said particular database record by said mobile station (Tabuki: Col 7, line 38 to Col 8, line 27; 

15 Takamoto: [0041]); 

b) determining whether said mobile station has authority to update said database record (Tabuki: 
Col 7, line 38 to Col 8, line 27; Takamoto: [0041]); 

c) instructing said database server to allow said mobile station to update information associated 
with said database record (Tabuki: Col 7, line 38 to Col 8, line 27; Takamoto: [0041]); 

20 d) providing said mobile station with said second key enabling said mobile station to encrypt any 

information to be transmitted over to the database server to be updated at said database record (Tabuki: 
Col 7, line 38 to Col 8, line 27; Takamoto: [0041]); 

The combination of Tabuki, Kippenhan, Doonan, and Hammond meet all the limitations of claim 
1. However, the combination is silent as to whether updating is done by the mobile station. Takamoto 

25 discloses the idea that updating may be done after an authentication process. It would have been 
obvious to one of ordinary skill in the art at the time the invention was filed to combine the ideas of 
Takamoto with those of Tabuki in view of Kippenhan in further view of Doonan because doing so makes 
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the system more robust by allowing the mobile station to update content and make changes to 
information stored on the database server. 



Claims 8 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki in view 
5 of Doonan in further view of Hammond. 



As per claims 8 and 19, the applicant describes a method of communicating data securely which 
is similar to that of claim 1 with the exception that applicant does not include the step authenticating a 
user before providing a first key. Accordingly, the Kippenhan reference which was used to meet this 
10 limitation in the rejection of claim 1 has not been applied. 



As per claims 9 and 20, the applicant describes the method of claims 8 and 19, which are met by 
Tabuki in view of Doonan in further view of Hammond, with the following limitations: 

a) receiving a second encryption key from said authentication server (Tabuki: Col 6, line 30-42; 
15 Doonan: abstract, Col 3, line 46 to Col 4, line 4); 

b) encrypting said stored information using said second encryption key (Tabuki: Col 6, line 30-42; 
Doonan: abstract, Col 3, line 46 to Col 4, line 4); 

c) providing said encrypted information to said wireless device (Tabuki: Col 6, line 30-42; 
Doonan: abstract, Col 3, line 46 to Col 4, line 4). 

20 

Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki in view of 
Doonan in further view of Hammond in further view of Takamoto. 



25 



As per claim 12, the applicant describes the method of claim 8, which is met by Tabuki in view of 
Doonan in further view of Hammond, with the following limitations which are met by Tabuki in view of 
Takamoto. The limitations and reasons for combination have been explained in the rejection of claim 6. 
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Claims 10-11 and 21-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki 
in view of Doonan in further view of Hammond in further view of Dang, U.S. Patent Application No. 
2003/0101113, in further view of Honjo, U.S. Patent Application No. 2002/0049912. 



5 As per claims 10-11 and 21-22, applicant describes the method of claims 8 and 19, which are met 

by Tabuki in view of Doonan in further view of Hammond, with the following limitation which is met by 
Dang and Honjo: 

Wherein said step of receiving said request from said wireless device to access said information 
further comprises the step of receiving a session key generated by said authentication server from said 

10 wireless device (Dang: [0016]; Honjo: claim 11); 

Tabuki in view of Doonan in further view of Hammond disclose all the limitations of claims 8 and 
19. However, the combination is silent as to receiving a request which includes a session key generated 
by the authentication server from said wireless device. Dang teaches including a session key, in a 
request, for authentication purposes. It would have been obvious to one of ordinary skill in the art at the 

15 time the invention was filed to combine the ideas of Dang with those of Tabuki in view of Doonan in 

further view of Hammond and include a session key in the request as a further means to authenticate the 
mobile station. 

Tabuki in view of Doonan in further view of Hammond in further view of Dang are silent as to the 
generation of the session key from a server. Honjo discloses the idea that a session key may be 

20 generated by a server and provided to a mobile station. It would have been obvious to one of ordinary 
skill in the art at the time the invention was filed to combine the ideas of Honjo with those of Tabuki in 
view of Doonan in further view of Hammond in further view of Dang and generate the session key at the 
authentication server because doing so increases security in the system by ensuring that the session key 
is generated by a trusted source and doing so allows the session key computation to take place at the 

25 authentication server, thereby reducing computation capacity required at the mobile station. 



Response to Arguments 
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Applicant's arguments with respect to the 112, second paragraph, rejection of claims 8-12 and 
19-22 have been fully considered, but a lack of antecedent basis issue is currently present. Accordingly, 
the claims remain rejected under 112 second paragraph. 

5 Applicant's arguments with respect to the 103(a) rejection of claim 1 have been considered but 

are moot in view of the new ground(s) of rejection. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
10 action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of 
the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
15 shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should 
20 be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
be reached on M-F 7:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
5 you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 
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